CVE-2017-14107

Priority
Description
The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0
mishandles EOCD records, which allows remote attackers to cause a denial of
service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a
crafted ZIP archive.
Package
Upstream: released (1.3.0+dfsg.1-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 18.10 (Cosmic Cuttlefish): needed
Ubuntu 19.04 (Disco Dingo): not-affected (1.5.1-0ubuntu1)
Patches:
Upstream: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
Package
Source: php5
Upstream: released (5.6.33+dfsg-0+deb8u1)
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Patches:
Upstream: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
Updated: 2019-01-14 21:23:54 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)